Pentesting standards and guidance

Before diving deep into pentesting standards and guidelines, we need to define some important terminology to avoid any confusion or misconceptions about four different terms: policies, standards, procedures, and guidance. All these terms play important roles in information security management, but a clear understanding of the difference between them is essential to avoid using them in the wrong way.